JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.230.23.63

120.230.23.63 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 12%: ?

12%

ISP	China Mobile Communications Corporation
Usage Type	Fixed Line ISP
ASN	AS9808
Domain Name	chinamobile.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.230.23.63

Whois 120.230.23.63

IP Abuse Reports for 120.230.23.63:

This IP address has been reported a total of 10 times from 3 distinct sources. 120.230.23.63 was first reported on March 15th 2025, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-22 21:33:10 (18 hours ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 17:33:05.012635 2026] [security2:error] [pid 23310:tid 23310] [client 120.230.23.63:17369] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.catnameslist.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.catnameslist.com"] [uri "/"] [unique_id "ajmqEcKMGWJahiTKh7pebAAAAEI"], referer: http://www.catnameslist.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇿🇦 Tokolosh Hunters	2026-05-22 22:17:18 (1 month ago)	AutoBlockWindow-Known bad useragent query-2026-05-22 22:17:17	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-20 18:43:12 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 14:43:06.062999 2026] [security2:error] [pid 26577:tid 26577] [client 120.230.23.63:2374] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|addocc.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "addocc.com"] [uri "/"] [unique_id "ag4Auj-h2LGyVX-7PTExsAAAACc"], referer: https://addocc.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 21:08:42 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 17:08:39.047525 2026] [security2:error] [pid 26865:tid 26865] [client 120.230.23.63:2559] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|linguistes.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "linguistes.com"] [uri "/index.html"] [unique_id "agjc11ZK_FLbDdLOV4Z0EAAAAAw"], referer: http://linguistes.com/index.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 19:52:41 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 15:52:34.146350 2026] [security2:error] [pid 17929:tid 17929] [client 120.230.23.63:2398] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.wsffjatc.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.wsffjatc.org"] [uri "/"] [unique_id "agTWggNeG3AOQNQrdSLM9gAAAAo"], referer: http://www.wsffjatc.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2026-03-27 00:56:57 (2 months ago)	ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/120.230.23.63 2026-03 ... show more ThreatBook Intelligence: Spam,Gateway more details on https://threatbook.io/ip/120.230.23.63 2026-03-26 08:37:49 /sitemap.xml show less	Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 21:27:15 (5 months ago)	(mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 16:27:08.009447 2026] [security2:error] [pid 23838:tid 23838] [client 120.230.23.63:4941] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|windermerewatch2.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "windermerewatch2.com"] [uri "/"] [unique_id "aWqtLGz6LaBNTt5fsBJP1QAAAAk"], referer: https://windermerewatch2.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-03 02:24:08 (9 months ago)	(mod_security) mod_security (id:210350) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 120.230.23.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 02 22:23:52.874710 2025] [security2:error] [pid 7333:tid 7333] [client 120.230.23.63:7894] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.renju.net\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.renju.net"] [uri "/game/7097/"] [unique_id "aLemuGq4nOysx-NQMvacFwAAAAI"], referer: https://www.renju.net/game/7097 show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-03-19 23:32:19 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.230.23.63 2025-03- ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.230.23.63 2025-03-19 16:26:23 /robots.txt show less	Web App Attack
🇨🇳 ThreatBook.io	2025-03-15 23:19:02 (1 year ago)	ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.230.23.63 2025-03- ... show more ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.230.23.63 2025-03-15 05:47:42 / 2025-03-15 06:24:39 /config.json show less	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 213.176.16.218

🇧🇷 205.210.31.201

🇬🇧 193.163.125.206

🇹🇷 188.119.27.215

🇧🇷 179.109.53.143

🇫🇮 147.185.133.244

🇺🇸 129.146.243.24

🇸🇬 103.187.147.214

🇻🇳 103.153.254.96

🇫🇷 91.196.152.32

🇰🇷 14.63.196.175

🇺🇸 2607:f8b0:400e:c09::12c

🇧🇷 205.210.31.203

🇩🇪 185.220.101.37

🇺🇸 178.128.1.119

🇺🇸 135.237.127.112

🇯🇵 107.155.15.8

🇺🇸 104.12.19.114

🇧🇩 103.4.145.50

🇫🇷 85.217.140.12